Portland, Oregon Metropolitan Area
Reet Kaur is a cybersecurity executive and AI risk strategist and the Founder and CEO of Sekaurity, a founder-led advisory practice that helps organizations strengthen security fundamentals, govern AI responsibly, and translate technical risk into clear, board-ready decisions. She delivers risk-based advisory that supports SMB and mid-market teams with practical cybersecurity, compliance readiness, and AI security governance so leaders can innovate responsibly and operate within their risk appetite.

With more than 24 years of security and IT leadership experience, Reet has guided organizations including Merck, Nike, AECOM, Fidelity, and CIBC, as well as public sector institutions, through security program development, governance, and transformation. At Nike, she led risk management for the company’s global supply chain, spanning vendors, logistics, and technology ecosystems. She served as Chief Information Security Officer at Portland Community College, aligning security initiatives with mission and executive priorities. At Merck, she served as an Executive Director, leading global teams across cloud security, application security, data-centric protection, AI risk governance, post-quantum cryptography, and adaptive risk management, including work to customize OpenAI LLMs for internal applications.

A recognized thought leader in AI security, Reet is a LinkedIn Learning instructor, a co-author of a book on application security, and a frequent speaker at industry conferences including Black Hat USA, BSides, RSA, and DeveloperWeek Leadership Summit. Through Sekaurity, she makes AI and cybersecurity clear, actionable, and sustainable. All advisory engagements are led and delivered directly by Reet, with vetted specialist support brought in when needed.

LinkedIn Learning courses:
1. Managing Your Cybersecurity Program through a Merger or Acquisition https://bit.ly/49DhQBW
2. AI Product Security: Foundations and Proactive Security for AI https://bit.ly/3LttCqq
3. AI Product Development: Secure by Design https://bit.ly/49xoKs7
4. The OWASP Top 10 for Large Language Model Applications: An Overview (2024) https://bit.ly/45dt3Yt
5. The OWASP Top 10 for Large Language Model Applications: An Overview (2025 update) https://bit.ly/49okxZ2
- Serve as a trusted advisor to boards, executives, and operating leaders by translating cybersecurity and AI risk into clear business decisions aligned to risk appetite, operational priorities, and regulatory expectations.
- Lead security and compliance assessments across frameworks such as ISO 27001, NIST CSF, and NIST 800-53, producing executive-ready roadmaps, measurable KPIs and KRIs, audit evidence strategies, and prioritized investment plans.
- Strengthen incident response and operational resilience through scalable playbooks, escalation models, tabletop exercises, and post-incident improvement practices that enhance coordination, preparedness, and response quality.
- Guide the design and oversight of practical, risk-based security programs across GRC, identity and access management, endpoint security, patching, cloud and SaaS governance, and data protection, with clear ownership, accountability, and performance measures.
- Establish governance guardrails for GenAI, LLM, and agentic AI use cases, aligned to frameworks such as NIST AI RMF, OWASP, and ISO/IEC 42001, while also supporting cyber due diligence, leadership transitions, and security program stabilization during periods of change.
Scope: Global Office of the CISO leader; 130+ people org, $40M portfolio.
- Directed global security engineering to improve risk visibility and control adoption across cloud, application, data security, cyber defense analytics, and GRC technology.
- Migrated Archer to ServiceNow for incident response, vulnerability management, threat intelligence, and compliance; enabled automated reporting for CIO and enterprise risk leadership.
- Advanced enterprise security modernization by integrating AI, intelligent automation, and post-quantum cryptography initiatives to improve resilience and scalability.
- Implemented a multi-SIEM architecture (Microsoft Sentinel, Google Chronicle, Cribl) to optimize telemetry and strengthen security analytics and observability.
- Built risk-aligned product roadmaps and secured funding for strategic capabilities (e.g., EASM and SSPM), driving accountable delivery using KPIs and KRIs.
Scope: Enterprise CISO for 75K+ students / 6,000 workforce across 4 campuses.
- Built an enterprise risk-based security program across 18 locations, aligned to institutional risk and public-sector requirements.
- Developed a NIST-aligned multi-year security strategy and established a GRC function; chaired compliance committees for PCI DSS, HIPAA, GLBA, and FERPA.
- Built a cybersecurity incident management program and led breach response coordination with legal counsel, law enforcement, and state authorities.
- Implemented SIEM, MDR, EDR/endpoint, and data protection capabilities, increasing program maturity from 20% to 75%.
- Strengthened readiness and intelligence sharing through partnerships with REN-ISAC, HS-ISAC, and CISA, and expanded security awareness to drive a cyber-resilient culture.
Scope: Enterprise GRC leader for a Fortune 100 global brand.
- Established an enterprise GRC program aligned to ISO/IEC 27001 and NIST, integrating policy, risk, and compliance into a business-enabling governance model.
- Built and led a global information risk management team, delivering enterprise risk assessments and a prioritization model (including heat mapping) to drive remediation and investment decisions.
- Implemented KPI/KRI and SOX-aligned governance reporting; demonstrated ROI and enabled a 43% funding increase for a $100M security program.
- Embedded security requirements into procurement and vendor contracts and launched vendor risk management (TPRM) and attack surface assessment to reduce third-party exposure.
- Led cybersecurity due diligence for mergers and acquisitions and drove post-acquisition integration planning to protect enterprise value.